Last updated: 1 April 2026
This Privacy Policy explains what personal data we collect through falsonal.com, why we collect it, how we use it, and what your rights are. We've written it in plain language because we believe data policies should be readable. The legal bones are still here — we're a Dutch organisation, and this policy is GDPR-compliant.
1. Who is the data controller
The data controller for personal information collected through this Site is:
Falsonal Events B.V.
Prinsengracht 263
1016 GV Amsterdam
Netherlands
KvK (Chamber of Commerce): 87654321
VAT: NL862345678B01
Email: hello@falsonal.com
Phone: +31 20 123 4567
We're a small team and don't currently have a dedicated Data Protection Officer because we don't meet the GDPR thresholds requiring one. The same email address handles all data-related queries and we treat them seriously.
2. What personal data we collect
From the tournament registration form, we collect: first name, last name, email address, phone number (optional), age, and your stated UNO experience level.
From the contact form, we collect: name, email address, optional subject, and the message you write.
Automatically, when you visit the Site, we collect basic technical data: IP address, browser type, operating system, referring URL, and pages viewed. This is standard web server logging. See the Cookie Policy for details on cookies and analytics.
We do not collect: payment information (the event is free, no payments are processed), identification documents, biometric data, or special categories of personal data (health, religion, political views, etc.).
3. Why we collect it
Your registration data is used for one purpose: running the tournament. Specifically:
- To confirm your registration and send you a confirmation email.
- To send you essential reminders and logistical updates about October 15.
- To check you in at the door against the registration list.
- To track no-shows for capacity planning.
- If applicable, to communicate with you about the prize you won.
Contact form data is used to respond to your message — that's it.
Technical/server data is used for security (detecting abuse) and basic site analytics (understanding what pages people read). We do not sell or rent your data, ever, full stop.
4. Legal basis for processing
Under GDPR, we rely on the following legal bases:
- Consent for the tournament registration and any optional marketing communications. You give consent by submitting the form.
- Contractual necessity for fulfilling the registration agreement (e.g., we need your email to send confirmation).
- Legitimate interest for basic site security and analytics, where this doesn't override your rights.
- Legal obligation where we're required to retain data by law (e.g., tax records for sponsor contributions).
5. How long we keep your data
Tournament registration data is kept until 31 January 2027 — about three months after the event. After that, we delete it from our active systems. We may retain anonymised aggregated statistics (e.g., "100 people registered, 87 attended") indefinitely.
Contact form messages are kept for one year after our last reply, unless they're part of an ongoing matter.
Server logs are kept for 30 days.
6. Who we share your data with
We share data only with service providers strictly necessary for running the Site and the event:
- Email service provider (used to send registration confirmations) — based in the EU, GDPR-compliant.
- Web hosting provider (where the Site is hosted) — based in the EU.
- Analytics provider (cookie-based, only if you accept cookies) — see Cookie Policy.
We do not share your data with sponsors, marketing companies, or any third party for commercial purposes. Sponsors do not receive registrant lists from us.
If we ever need to disclose data to comply with a legal request (court order, subpoena), we will do so only to the minimum extent required, and we'll inform you unless legally prohibited.
7. International data transfers
All processing happens within the European Economic Area (EEA). If at any point a service provider is located outside the EEA, we'll only use one that operates under GDPR-equivalent safeguards (Standard Contractual Clauses or Adequacy Decisions).
8. Your rights under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — ask us to delete your data, subject to certain legal exceptions.
- Restriction — ask us to pause processing while a question is being resolved.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
To exercise any of these rights, email hello@falsonal.com. We'll respond within thirty days, usually much faster.
9. Security
We take reasonable technical and organisational measures to protect your data — encrypted connections (HTTPS) on the Site, access controls on our backend, no unnecessary data retention. That said, no system is 100% secure. If we ever experience a data breach that affects your information, we'll notify you and the relevant authorities within 72 hours, as required by GDPR.
10. Children's data
The Site and the tournament are intended for adults (18+). We don't knowingly collect data from children under 16. If you believe we've inadvertently collected such data, please contact us and we'll delete it.
11. Changes to this policy
We may update this policy. The "last updated" date at the top reflects the most recent change. If we make significant changes, we'll notify registered participants by email. Continued use of the Site after changes are posted constitutes acceptance.
12. Contact us about your data
For any privacy-related question or request: hello@falsonal.com.